• Feb 07, 2023 News!JACN will adopt Article-by-Article Work Flow. The benefit of article-by-article workflow is that a delay with one article may not delay the entire issue. Once a paper steps into production, it will be published online soon.   [Click]
  • May 30, 2022 News!JACN Vol.10, No.1 has been published with online version.   [Click]
  • Dec 24, 2021 News!Volume 9 No 1 has been indexed by EI (inspec)!   [Click]
General Information
    • ISSN: 1793-8244 (Print)
    • Abbreviated Title:  J. Adv. Comput. Netw.
    • Frequency: Semiyearly
    • DOI: 10.18178/JACN
    • Editor-in-Chief: Professor Haklin Kimm
    • Executive Editor: Ms. Cherry Chan
    • Abstracting/ Indexing: EBSCO, ProQuest, and Google Scholar.
    • E-mail: jacn@ejournal.net
    • APC: 500USD
Professor Haklin Kimm
East Stroudsburg University, USA
I'm happy to take on the position of editor in chief of JACN. We encourage authors to submit papers on all aspects of computer networks.

JACN 2013 Vol.1(2): 148-152 ISSN: 1793-8244
DOI: 10.7763/JACN.2013.V1.30

Detection of Fast-Flux Domains

Chia-Mei Chen, Sheng-Tzong Cheng, and Ju-Hsien Chou

Abstract—Botnets create harmful attacks nowadays. Lawbreaker may implant malware into victim machines using botnets and, furthermore, he employs fast-flux domain technology to improve the lifetime and robustness of botnets. To circumvent the detection of command and control servers, a set of bots is selected to redirect malicious communication and hides the communication within normal traffic. As the dynamics of fast-flux domains, blacklist mechanism is not efficient to prevent fast-flux botnet attacks. It would be time consuming to examine the legitimacy of the domains of all the connections. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behaviors of malicious fast-flux domains, the network behaviors of domains are formulized in this study to reduce the time complexity of modeling features. According to the experimental results, the malicious fast-flux domains collected from the real networks are identified efficiently and the proposed solution outperforms the blacklists.

Index Terms—Botnet, fast-flux domain, malware, command and control server.

Chia-Mei Chen is with the Department of Information Management, National Sun Yat-sen University, Kaohsiung, Taiwan, R.O.C. (email: cchen@mail.nsysu.edu.tw) Sheng-Tzong Cheng and Ju-Hsien Chou are with the Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan, Taiwan, R.O.C (email:stcheng@mail.ncku.edu.tw, p7896127@mail.ncku.edu.tw)


Cite:Chia-Mei Chen, Sheng-Tzong Cheng, and Ju-Hsien Chou, "Detection of Fast-Flux Domains," Journal of Advances in Computer Networks vol. 1, no. 2, pp. 148-152, 2013.

Copyright © 2008-2024. Journal of Advances in Computer Networks.  All rights reserved.
E-mail: jacn@ejournal.net